Northeast Data Security - Vulnerability Assessment

.: services

.: vulnerability assessment

Internal vulnerability assessment
During an internal vulnerability assessment we work together with management to evaluate the configuration and security of internal network resources. Workstations, servers, firewalls, routers, and switches are tested to ensure the following:

Systems patches, service packs, and firmware are up to date
Application patches and service packs are up to date
Default accounts have been renamed
Unnecessary services have been disabled
There are no dormant or stagnant accounts
Access to network resources has been appropriately limited
Host activity is being adequately monitored and logs are being retained
Administrative access is appropriately limited and monitored

External vulnerability assessment
An external vulnerability tests for weaknesses in an organization’s infrastructure which is exposed to the Internet. We evaluate the general security of servers and routers to determine if there are any known, exploitable vulnerabilities on the systems. We then issue our report of findings.

.: why a vulnerability assessment?

An external vulnerability assessment is a cost effective solution to understanding three things:
1) Where your systems may be vulnerable to outside attackers
2) Have your efforts to secure your systems been effective
3) Where to focus your efforts in securing your infrastructure in the future

The difference between a vulnerability assessment and a penetration test is; in a vulnerability assessment we check to see if the door is locked or unlocked and tell you when we find it unlocked. While during a penetration test we not only check to see if the door is locked but if we get through the door we then try to get all the way into the most secure part of the house.